Boojum
zkSync's Revolutionary Proof System Upgrade for Increased Performance and Decentralization
In a significant move towards advancing personal freedom and self-ownership, zkSync Era is undergoing a game-changing upgrade by transitioning to a new proof system known as 'Boojum.' The zkSync protocol aims to create a trustless, secure, and scalable blockchain network that empowers users with permissionless and affordable transactions.
After the successful launch of the Alpha version of zkSync Era, the reception has been overwhelming, with substantial activity on the network, including $577 million in Total Value Locked and over 23.7 million transactions in the past 30 days.
Meet Boojum:
Boojum, named after Lewis Carroll's poem "The Hunting of the Snark," represents a new Rust-based arithmetization & constraint library used to implement upgraded ZK circuits for zkSync Era and the ZK Stack.
Boojum has been designed with a set of remarkable properties to significantly enhance the zkSync protocol.
1. PLONK-style arithmetization: Boojum continues to utilize PLONK-style arithmetization, making the ZK circuits simpler to develop, audit, and upgrade. PLONK-style arithmetization is a method for representing arithmetic circuits in zero-knowledge proofs (ZKPs). It is based on the idea of representing a circuit as a sequence of polynomial commitments, and then checking that these commitments satisfy certain constraints. This approach allows for easier maintenance and ensures the system remains adaptable to future cryptographic upgrades.
2. Powerful commitment scheme: Boojum's core lies in the FRI commitment scheme, which enables a commitment to a polynomial of bounded degree and efficient proof verification. The FRI commitment scheme is an interactive oracle proof (IOP) protocol that allows a prover to convince a verifier that a given codeword corresponds to a polynomial of low degree. The acronym FRI stands for Fast Reed-Solomon IOP of Proximity.
The FRI protocol consists of two phases: a commit phase and a query phase. In the commit phase, the prover sends the verifier a sequence of domain evaluation oracles, which are functions that map a point in the domain of the polynomial to its value. The verifier then randomly selects a challenge point and sends it to the prover.
In the query phase, the verifier asks the prover to open the challenge point, which means revealing the value of the polynomial at that point. The prover does this by providing the verifier with the corresponding domain evaluation oracle. The verifier then checks whether the value of the polynomial at the challenge point is consistent with the codeword that was committed to in the first phase.
If the verifier is satisfied, then it accepts the proof. Otherwise, it rejects the proof.
zkSync uses this capability to ensure the integrity of the claimed openings within the low-degree polynomial.
3. Efficiency of the system: Witness generation, an often-neglected aspect in prover performance, has been vastly improved in the current version of Boojum. The system offers automated parallelized witness generation, significantly reducing the time taken for witness and proof generation.
4. Ease of extension: Boojum's thin base constraint system allows for easy addition of custom gate types, simplifying the development process. Users can define circuit structures and generate provers, verifiers, and recursive verifiers with efficiency.
5. Single Stack with Standard Rust: Boojum's architecture is designed to be expressed entirely with standard, idiomatic Rust, capitalizing on the expressiveness of the language's type system. The computationally intensive parts of the GPU prover are written in CUDA C++ (a programming language that allows developers to use C++ to program NVIDIA GPUs), but Rust bindings for composition facilitate seamless integration. Boojum leverages Rust's capabilities to build a cohesive and efficient proof system while promoting code readability and maintainability.
6. Operating Over a "Goldilocks Field": Boojum operates over the prime field of size 2^64 - 2^32 + 1, commonly referred to as a "Goldilocks field." This choice, originally presented by Mike Hamburg, offers a balance of performance and security. Boojum provides implementations of field-bound primitives like the Poseidon2 hash function, as well as lookup-table-based implementations of standard cryptographic primitives such as SHA256, Keccak256, and Blake2s. This selection of field parameters and cryptographic primitives ensures a high level of security and computational efficiency.
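To make items 2 and 6 concrete, here is an added example (not taken from Boojum's code base) that runs the FRI folding step over the Goldilocks field, with a division-free reduction that shows why this prime is fast on 64-bit hardware. All function names, the 16-point domain, the sample polynomial and the fixed challenges 3 and 5 are assumptions for illustration; a real prover also commits to each layer and the verifier samples its challenges and query positions at random.

```rust
const P: u64 = 0xFFFF_FFFF_0000_0001; // Goldilocks prime 2^64 - 2^32 + 1
const EPS: u64 = 0xFFFF_FFFF; // 2^64 mod P
/// Division-free reduction of a 128-bit value, using 2^64 = EPS and 2^96 = -1 (mod P).
fn reduce(x: u128) -> u64 {
    let (lo, hi) = (x as u64, (x >> 64) as u64);
    let (mut t, borrow) = lo.overflowing_sub(hi >> 32); // subtract the 2^96 limb
    if borrow { t -= EPS; } // the wrap added 2^64, which is EPS mod P
    let (mut r, carry) = t.overflowing_add((hi & EPS) * EPS); // add the 2^64 limb
    if carry { r += EPS; } // the wrap dropped 2^64
    if r >= P { r - P } else { r }
}
fn mul(a: u64, b: u64) -> u64 { reduce(a as u128 * b as u128) }
fn add(a: u64, b: u64) -> u64 { reduce(a as u128 + b as u128) }
fn pow(b: u64, e: u64) -> u64 {
    (0..64).rev().fold(1, |r, i| if (e >> i) & 1 == 1 { mul(mul(r, r), b) } else { mul(r, r) })
}

/// Powers of a primitive n-th root of unity, n a power of two. 7 is a quadratic
/// non-residue mod P, so w has order exactly n and dom[i + n/2] = -dom[i].
fn domain(n: u64) -> Vec<u64> {
    let w = pow(7, (P - 1) / n);
    (0..n).map(|i| pow(w, i)).collect()
}

/// One FRI fold. With f(x) = fe(x^2) + x*fo(x^2), returns fe + beta*fo on the
/// squared domain: half as many points, half the degree bound.
fn fold(ev: &[u64], dom: &[u64], beta: u64) -> Vec<u64> {
    (0..ev.len() / 2).map(|i| {
        let (a, b) = (ev[i], ev[i + ev.len() / 2]); // f(x) and f(-x)
        let fo2 = mul(add(a, P - b), pow(dom[i], P - 2)); // 2*fo = (f(x) - f(-x)) / x
        mul(add(add(a, b), mul(beta, fo2)), pow(2, P - 2)) // (2*fe + beta*2*fo) / 2
    }).collect()
}

/// Fold once per challenge; a codeword of degree < 2^k folded k times is constant.
fn final_layer(mut ev: Vec<u64>, betas: &[u64]) -> Vec<u64> {
    let mut dom = domain(ev.len() as u64);
    for &beta in betas {
        ev = fold(&ev, &dom, beta);
        dom = dom[..ev.len()].iter().map(|&x| mul(x, x)).collect();
    }
    ev
}

fn main() {
    // Constructed input: f(x) = 1 + 2x + 3x^2 + 4x^3 on 16 points; challenges fixed at 3 and 5.
    let cw: Vec<u64> = domain(16).iter().map(|&x| add(1, mul(x, add(2, mul(x, add(3, mul(x, 4))))))).collect();
    println!("{:?}", final_layer(cw, &[3, 5]));
}
```

An honest codeword ends as a constant layer, while changing a single symbol of the input leaves a final layer that is no longer constant, which is the inconsistency the verifier's queries are designed to catch.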
The decision to adopt Boojum as the new proof system for zkSync Era was driven by two key factors: achieving world-class proving performance and reducing hardware requirements for decentralization.
The current SNARK-based system, while effective, lacks the scalability needed to support high-volume, near-real-time transactions in the ZK Stack and zkSync Era's Hyperchain. To enable fast finality and interoperability between Hyperchains, the proof system must generate and verify proofs quickly and cost-effectively. Boojum's performance surpasses that of other systems, making it the fastest proof system used in production, as demonstrated by benchmarking tests conducted by Celer. The move to a STARK-based proof system represents a dramatic improvement in performance, ensuring low latency for finality and supporting increased activity on zkSync Era and other ZK Stack systems.
Performance and Decentralization:
Boojum's implementation represents a leap forward in proving performance, with benchmarking tests showcasing its world-class efficiency. The proof system's exceptional speed contributes to reduced transaction costs and moves the network towards the goal of fast finality and interoperability between Hyperchains.
Moreover, Boojum reduces the hardware requirements for decentralization, a key step towards empowering users with low-cost participation. The GPU provers now require just 16 GB of RAM, significantly lowering the barrier to entry for users. CPU-based proving is also possible with as little as 64 GB of RAM, and the aim is to decrease this even further in the future.
Conclusion:
The introduction of Boojum as zkSync Era's new proof system marks a transformative milestone in the pursuit of personal freedom and self-ownership. The upgrade showcases unparalleled proving performance, facilitating faster finality and enhanced scalability for zkSync Era and other ZK Stack-based systems.
Additionally, the reduced hardware requirements promote greater decentralization, enabling user-powered proof generation without the need for expensive machines. Boojum's exceptional features solidify zkSync's commitment to creating a trustless, secure, and scalable blockchain ecosystem accessible to all.